zookeeper-dev mailing list archives

From "Andy B (JIRA)" <j...@apache.org>
Subject [jira] [Comment Edited] (ZOOKEEPER-2433) ZooKeeperSaslServer: allow user principals in subject
Date Thu, 02 Jun 2016 16:36:59 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2433?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15312604#comment-15312604 ]

Andy B edited comment on ZOOKEEPER-2433 at 6/2/16 4:36 PM:
-----------------------------------------------------------

Yes, it's exactly the same issue. Both patches aim to allow the use of UPNs.

*HADOOP-10183* 
- _SaslRpc[Client|Server]_: explicitly checks that the KerberosName is in SPN format and throws
an exception if it's not the case.
- Patch: check is removed on client and server side, regex distinguishes between SPN and UPN
and sets the hostname to _InetAddress.getLocalHost().getCanonicalHostName()_ for the latter

*ZOOKEEPER-2433* 
- _ZooKeeperSaslServer_: parsing fails due to the missing host/machine name in the SPN
- Patch: primitively distinguishes between SPN and UPN and sets the hostname to _null_ for
the latter




was (Author: andy_b):
Yes, it's exactly the same issue. Both patches aim to allow the use of UPNs.

*HADOOP-10183* 
- _SaslRpc[Client|Server]_: explicitly checks that the KerberosName is in SPN format and throws
an exception if it's not the case.
- Patch: check is removed on client and server side, regex distinguishes between SPN and UPN
and sets the hostname to _InetAddress.getLocalHost().getCanonicalHostName()_ for the latter

*ZOOKEEPER-2433* 
- _ZooKeeperSaslServer_: parsing fails due to the missing host/machine name in the SPN
- Patch: primitively distinguishes between SPN and UPN and sets the hostname to null for the
latter



> ZooKeeperSaslServer: allow user principals in subject
> -----------------------------------------------------
>
>                 Key: ZOOKEEPER-2433
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2433
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: security
>    Affects Versions: 3.5.1
>            Reporter: Andy B
>            Assignee: Andy B
>              Labels: easyfix
>             Fix For: 3.5.2, 3.6.0
>
>         Attachments: ZOOKEEPER-2433.patch
>
>   Original Estimate: 5h
>  Remaining Estimate: 5h
>
> The _createSaslServer_ function in ZooKeeperSaslServer +handles only service principal
> names+ (e.g. *service_name/machine_name@realm*), though sometimes user/service
> principal names +without host name+ (e.g. *service_name@realm*) are used for authentication.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
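
The SPN/UPN distinction discussed in this message, as an added example that is not code from ZOOKEEPER-2433.patch, HADOOP-10183 or either project. The class name, method names, regex and sample principals are assumptions constructed for illustration.

```java
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PrincipalParseDemo {
    // primary[/host]@REALM, where the host part is optional (hypothetical pattern).
    private static final Pattern PRINCIPAL =
        Pattern.compile("^([^/@]+)(?:/([^/@]+))?@([^/@]+)$");

    /** Parsed parts; host is null for a principal without a host component. */
    static final class Parsed {
        final String primary, host, realm;
        Parsed(String primary, String host, String realm) {
            this.primary = primary; this.host = host; this.realm = realm;
        }
        @Override public String toString() {
            return "primary=" + primary + " host=" + host + " realm=" + realm;
        }
    }

    /** Tolerant form: accepts both shapes; host stays null when absent. */
    static Parsed parseTolerant(String name) {
        Matcher m = PRINCIPAL.matcher(name);
        if (!m.matches()) {
            throw new IllegalArgumentException("malformed principal: " + name);
        }
        // group(2) is null when the optional "/host" part did not match.
        return new Parsed(m.group(1), m.group(2), m.group(3));
    }

    /** Strict form: rejects anything that is not primary/host@REALM. */
    static Parsed parseStrict(String name) {
        Parsed p = parseTolerant(name);
        if (p.host == null) {
            throw new IllegalArgumentException("no host part in principal: " + name);
        }
        return p;
    }

    public static void main(String[] args) {
        // Constructed sample principals, not taken from the issue.
        String[] samples = { "zookeeper/zk1.example.com@EXAMPLE.COM",
                             "zookeeper@EXAMPLE.COM", "zookeeper/@EXAMPLE.COM" };
        for (String s : samples) {
            try { System.out.println("tolerant: " + s + " -> " + parseTolerant(s)); }
            catch (IllegalArgumentException e) { System.out.println("tolerant: " + e.getMessage()); }
            try { System.out.println("strict:   " + s + " -> " + parseStrict(s)); }
            catch (IllegalArgumentException e) { System.out.println("strict:   " + e.getMessage()); }
        }
    }
}
```

Passing a null host on to `Sasl.createSaslServer` as its `serverName` argument creates a server that is not bound to any specific host name, so mechanisms that do not allow an unbound server will throw a `SaslException`.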
